ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During a code review you discover that a RESTful service writes every inbound HTTP request, including user passwords and session cookies, to an application log whenever an error is thrown. To meet secure logging confidentiality requirements without sacrificing forensic usefulness, which change should you implement first?
Encrypt the existing log files at rest with AES-256 and keep current verbose logging in place.
Add a preprocessing step that redacts or masks sensitive fields (e.g., passwords, tokens) before records are written to the log.
Reduce the log retention period to twenty-four hours to limit how long sensitive data remains stored.
Forward all logs, unchanged, to a hardened remote syslog server over TLS for centralized storage.
Removing or masking sensitive values before they are written to any log gives the strongest confidentiality benefit with the least impact on diagnostics: the error, the endpoint, the request ID and the non-sensitive fields are still recorded, but passwords and session tokens never exist in the log at all. Once those values are omitted or irreversibly redacted, the exposure from log theft, misconfiguration, over-broad read access or excessive retention is largely eliminated. Encrypting the files at rest, forwarding them over TLS to a hardened collector, or shortening retention each lower exposure, but all three leave the secrets intact inside the records, readable by anyone who holds the decryption key, has legitimate access to the log platform, or obtains a copy before it expires. They are secondary controls layered on top of redaction, not a substitute for it. One practical caveat: masking by field name only catches the names you anticipated, so the stronger design is to log an explicit allowlist of request fields and treat redaction as the safety net that runs before any handler or formatter serializes the record.
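The preprocessing step the correct answer describes, as an added example that is not part of the original question or of ISC2's material. It is standard-library Python; the request dictionary shape, the SENSITIVE_KEYS list, the pattern set and the sample request are assumptions. What it shows: redaction runs inside a logging.Filter attached at the logger, so every handler (file, syslog, SIEM forwarder) receives an already-scrubbed record, while non-sensitive fields such as the username, the request ID and cookie names survive for diagnostics.

```python
"""Redact secrets from HTTP request records before they reach any log sink.

Added example, not code from the original page or from ISC2. The request
dictionary shape and the field names are assumptions; adapt SENSITIVE_KEYS and
the patterns to the request object your framework exposes."""
import io
import logging
import re
from typing import Any

MASK = "[REDACTED]"

# Field names (matched case-insensitively) whose whole value is always masked,
# wherever they occur: headers, JSON bodies, query-param dicts, nested objects.
SENSITIVE_KEYS = {
    "password", "passwd", "pwd", "secret", "token", "access_token",
    "refresh_token", "api_key", "apikey", "session", "sessionid", "csrf_token",
}

# Credential-looking substrings inside free-form text (paths, messages).
_BEARER = re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]+")
_QUERY = re.compile(r"(?i)([?&](?:password|passwd|pwd|token|api_key|apikey|secret)=)[^&#\s]*")


def redact_string(s: str) -> str:
    """Mask embedded credentials in a string; everything else is kept."""
    s = _BEARER.sub("Bearer " + MASK, s)
    return _QUERY.sub(r"\g<1>" + MASK, s)


def _redact_cookie_header(value: str) -> str:
    """Keep cookie names (useful for diagnostics) but drop every value."""
    pairs = [p.strip() for p in value.split(";") if p.strip()]
    return "; ".join(f"{p.split('=', 1)[0]}={MASK}" for p in pairs)


def _redact_authorization(value: str) -> str:
    """Keep the auth scheme (Bearer, Basic, Digest, ...) but drop the credential."""
    parts = value.split(None, 1)
    return f"{parts[0]} {MASK}" if len(parts) == 2 else MASK


def redact(obj: Any) -> Any:
    """Return a scrubbed copy; the caller's request object is never mutated."""
    if isinstance(obj, dict):
        out = {}
        for k, v in obj.items():
            key = str(k).lower()
            if key in ("cookie", "set-cookie") and isinstance(v, str):
                out[k] = _redact_cookie_header(v)
            elif key == "authorization" and isinstance(v, str):
                out[k] = _redact_authorization(v)
            elif key in SENSITIVE_KEYS:
                out[k] = MASK          # irreversible: no hash, no partial value
            else:
                out[k] = redact(v)
        return out
    if isinstance(obj, (list, tuple)):
        return [redact(v) for v in obj]
    if isinstance(obj, str):
        return redact_string(obj)
    return obj


class RedactingFilter(logging.Filter):
    """Scrub each record at the logger, before any handler or formatter sees it."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.msg, str):
            record.msg = redact_string(record.msg)
        if isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        elif record.args:                      # a single mapping argument
            record.args = redact(record.args)
        if hasattr(record, "request"):         # structured payload via extra=
            record.request = redact(record.request)
        return True


def emit_through_filter(request: dict) -> str:
    """Log one error through a RedactingFilter and return what the handler wrote."""
    stream = io.StringIO()
    logger = logging.getLogger("redact-demo")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.ERROR)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s request=%(request)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    logger.error("handler failed for %s", request["path"], extra={"request": request})
    return stream.getvalue()


# Constructed sample request for the demo, not real traffic.
SAMPLE_REQUEST = {
    "method": "POST",
    "path": "/api/login?next=/home&api_key=AKIA0000EXAMPLE",
    "headers": {
        "Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc123",
        "Cookie": "session=9f8e7d6c; theme=dark",
        "X-Request-Id": "7f3c2b1a",
    },
    "body": {"username": "alice", "password": "hunter2", "remember": True},
}
```

Call emit_through_filter(SAMPLE_REQUEST) to see the emitted line: the password, bearer token, cookie values and the api_key query parameter are gone, while the path, username, request ID and cookie names remain. Two design points worth noting: redact() builds a new structure rather than editing in place, so the handler that is still processing the request is unaffected; and the filter sits on the logger rather than on one handler, because a second handler added later (a syslog forwarder, say) would otherwise bypass it.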
Secure Software Implementation